Bolstering HR Security Processes to Counter Fraudulent Worker Scams

Recent reports have exposed sophisticated schemes where fraudulent technology
workers, often using fake identities and advanced technologies, infiltrate companies to
secure high-paying remote tech jobs. These operatives exploit lax hiring processes to
gain access to sensitive systems, potentially engaging in espionage, data theft, or
financial fraud. A notable example involves a cybersecurity firm – KnowBe4 hiring a North Korean Hacker and then having to perform damage control when it came to light.  Unfortunately, this is not an isolated event. There is an urgent need for Human Resources (HR) teams to strengthen their hiring background check protocols and security processes. This blog post outlines actionable steps to fortify HR practices against such threats, ensuring robust candidate verification and ongoing employee monitoring.

Understanding the Threat

Fraudulent workers employ advanced tactics to bypass traditional hiring checks. They
create convincing personas using stolen or fabricated identities, AI-enhanced tools to
manipulate interviews, and proxies to mask their locations. Once hired, these individuals may exploit corporate systems for malicious purposes, such as deploying ransomware, stealing intellectual property, or conducting financial scams. The rise of remote work has amplified this risk, as companies increasingly hire candidates without in-person interactions. The financial and reputational damage from these schemes can be significant, making it critical for HR to act safely, securely, and decisively.

Key Strategies to Strengthen HR Security

To protect against fraudulent workers, HR teams must adopt a multi-layered approach to recruitment, verification, and employee monitoring. Below are practical steps to enhance security:

Step #1: Enhance Candidate Identity Verification

Robust identity checks are essential to weed out fraudulent applicants before they enter the organization.

• Mandate Live Video Interviews: Require real-time video interviews conducted
  by trained HR staff to assess candidates. Avoid relying on pre-recorded videos or phone only, which can be altered using deep-fake technology.
• Leverage Third-Party Background Checks: Partner with trusted background
  check providers to verify candidates’ identities, employment history, education,
  and criminal records. Ensure services cross-reference government-issued IDs
  and global watchlists.
• Scrutinize Digital Footprints: Examine candidates’ professional profiles on platforms like LinkedIn or GitHub for consistency. Red flags include sparse activity, newly created accounts, or discrepancies in work history.
• Consider Biometric Verification: For high-risk roles, implement biometric authentication (e.g., facial recognition) during onboarding to confirm the candidate’s identity matches their documentation.  Consider a solution like the ones from onfido, Veriff, Hire Vue, or Jumio.

Step #2: Strengthen Interview and Hiring Processes

A rigorous hiring process can help detect anomalies and prevent imposters from
advancing.

• Use Multi-Stage Interviews: Involve multiple interviewers across technical and
  behavioral stages to evaluate candidates’ skills and consistency. Include live
  coding tests to verify technical expertise, as fraudulent applicants may rely on
  scripted answers.
• Train Recruiters on Red Flags: Educate HR staff to recognize signs of fraud,
  such as reluctance to appear on camera, vague responses, or inconsistencies in resumes. Training should cover social engineering tactics commonly used by imposters.
• Verify References Directly: Contact references using independently sourced
  contact details, not those provided by the candidate, to avoid falsified
  endorsements.

Step #3: Leverage Technology to Detect AI-Driven Deceptions

Fraudulent IT workers often use AI to enhance their scams, from voice modulation to
manipulated imagery. HR teams must counter these tactics with advanced detection
tools.

• Deploy AI Detection Software: Use tools designed to identify AI-generated
  content, such as synthetic audio or deepfake videos, during interviews.
  Cybersecurity firms offer solutions to flag manipulated media.
• Monitor for Suspicious Activity: Implement systems to detect unusual login
  patterns, IP addresses, or device signatures during the hiring process. For
  instance, frequent use of VPNs or inconsistent geolocation data may warrant
  further investigation.
• Collaborate with IT Security: Partner with cybersecurity teams to integrate
  threat intelligence into recruitment. This can help identify common tactics used by fraudulent applicants, such as exploiting service desk vulnerabilities.

Step #4: Implement Ongoing Employee Monitoring

The risk persists post-hiring, as fraudulent workers may exploit their access for
malicious activities.

• Use Continuous Authentication: Deploy behavioral biometrics, such as typing
  patterns or mouse movement analysis, to verify employees’ identities during
  remote work. This can detect if someone else is using an employee’s credentials.
• Limit System Access: Apply the principle of least privilege, granting employees
  only the access required for their roles. Regularly audit access logs to spot
  unauthorized activities, such as attempts to access restricted systems.
• Conduct Periodic Re-Verification: Re-verify employee identities and
  credentials annually or when suspicious behavior is detected. This may include
  updated background checks or, for critical roles, in-person verification.

Step #5: Foster a Culture of Security Awareness

Human error is a key vulnerability. Educating employees and leadership about the risks of fraudulent hires is essential.

• Train Staff on Phishing and Social Engineering: Conduct regular training to
  help employees recognize phishing emails, suspicious requests, or other tactics used by imposters to gain further access.
• Engage Leadership: Secure C-suite support for enhanced security measures,
  as their commitment is critical for resource allocation and policy enforcement.
• Participate in Threat Sharing: Join industry-wide initiatives to share intelligence on emerging scam tactics, enabling proactive defense against evolving threats.

Legal and Compliance Considerations

Hiring fraudulent IT workers can expose companies to legal and regulatory risks,
including violations of data protection laws or industry-specific compliance standards. To mitigate these risks:

• Screen Against Watchlists: Integrate screening processes to identify
  candidates linked to restricted entities or high-risk regions, ensuring compliance with international regulations.
• Document Verification Processes: Maintain detailed records of all verification
  steps to demonstrate due diligence in the event of audits or investigations.
• Consult Legal Experts: Work with legal counsel to navigate data privacy laws and compliance requirements, particularly for global organizations operating in multiple jurisdictions.
• Leverage services of companies like Onfido to identity the true identity of job seekers.

The Road Ahead

The infiltration of fraudulent IT workers into corporate environments is a growing threat, amplified by remote work and advancements in AI. HR departments must evolve their processes to stay ahead of sophisticated scams. By adopting advanced verification tools, fostering cross-departmental collaboration, and prioritizing security awareness, organizations can significantly reduce their vulnerability.

The stakes are high, compromised hires can lead to data breaches, financial losses,
and reputational damage. HR teams play a critical role in safeguarding their companies by implementing these measures. Stay vigilant, leverage technology, and consult cybersecurity experts to protect your organization from this evolving threat.

For further guidance, explore resources from cybersecurity organizations or government agencies like the FBI (https://www.fbi.gov) to stay informed about fraudulent hiring schemes.

Secure your business with CyberHoot Today!!!

Sign Up Now

Sources and Additional Reading:

• Dark Reading: North Korean Hacker Hired by KnowBe4 – not an Isolated Event
• Fortune: Thousands of North Korean IT workers have infiltrated the Fortune 500—and they keep getting hired for more jobs